SQL Injection Attacks by Example

Posted on Saturday, December 05, 2015 @ 05:27:22 PST in Security
by kguske

southern writes:  

"SQL Injection" is subset of the an unverified/unsanitized user input vulnerability ("buffer overflows" are a different subset), and the idea is to convince the application to run SQL code that was not intended. If the application is creating SQL strings naively on the fly and then running them, it's straightforward to create some real surprises.

We'll note that this was a somewhat winding road with more than one wrong turn, and others with more experience will certainly have different -- and better -- approaches. But the fact that we were successful does suggest that we were not entirely misguided.

There have been other papers on SQL injection, including some that are much more detailed, but this one shows the rationale of discovery as much as the process of exploitation.

more: UnixWiz

 
 
click Related        click Share
 
News ©

Site Info v2.2.2

Last SeenLast Seen
Server TrafficServer Traffic
  • Total: 327,501,436
  • Today: 18,404
Server InfoServer Info
  • Apr 25, 2017
  • 07:31 am PDT
 
 

Daily Inspiration